[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

EP3496359A1 - Procédé de communication de données et système - Google Patents

Procédé de communication de données et système Download PDF

Info

Publication number
EP3496359A1
EP3496359A1 EP17836422.0A EP17836422A EP3496359A1 EP 3496359 A1 EP3496359 A1 EP 3496359A1 EP 17836422 A EP17836422 A EP 17836422A EP 3496359 A1 EP3496359 A1 EP 3496359A1
Authority
EP
European Patent Office
Prior art keywords
terminal
communication
data packet
pulse number
number threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
EP17836422.0A
Other languages
German (de)
English (en)
Other versions
EP3496359A4 (fr
Inventor
Ming Li
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Corp
Original Assignee
Tendyron Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201610640012.XA external-priority patent/CN107690144B/zh
Priority claimed from CN201610639419.0A external-priority patent/CN107690141B/zh
Application filed by Tendyron Corp filed Critical Tendyron Corp
Publication of EP3496359A4 publication Critical patent/EP3496359A4/fr
Publication of EP3496359A1 publication Critical patent/EP3496359A1/fr
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/24Negotiation of communication capabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/037Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/0008General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10297Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for handling protocols designed for non-contact record carriers such as RFIDs NFCs, e.g. ISO/IEC 14443 and 18092
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/28Timers or timing mechanisms used in protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00555Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks comprising means to detect or avoid relay attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/61Time-dependent

Definitions

  • the present disclosure relates to the field of electronic technologies, and particular to, a data communication method and system.
  • the reading scheme of the existing contactless IC card reader performs data transmission based on communication protocols such as 14443 and 15693.
  • a frame waiting time exists after the reader sends instruction data, which indicates a maximum time range for the card reader to wait to receive response data from the card. That is, after the card reader sends an instruction to the card, the card reader waits to receive the response data from the card, and the card reader considers the returned data to be legal if the data is returned within the frame waiting time (FWT).
  • FWT frame waiting time
  • a third party intercepts the data sent by the card reader and returns the response data within the FWT time, the card reader will consider the source of the data to be reliable.
  • the solution has security risks, such as being attacked by a third party and data being altered.
  • the present disclosure aims to solve at least one of the above problems.
  • a main objective of the present disclosure is to provide a data communication method.
  • Another objective of the present disclosure is to provide a data communication system.
  • Another objective of the present disclosure is to provide another data communication method.
  • Another objective of the present disclosure is to provide another data communication system.
  • the present disclosure provides a data communication method, including: a first terminal continuously generating a communication carrier signal, and a second terminal receiving the communication carrier signal, during a communication between the first terminal and the second terminal.
  • the method further includes: sending by the first terminal a communication data signal carrying a data packet to be processed, beginning by the first terminal to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal; receiving by the second terminal the communication data signal carrying the data packet to be processed, beginning by the second terminal to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, generating by the second terminal a response data packet based on the data packet to be processed; sending, by the second terminal, the response data packet to the first terminal when the recorded second number of pulses reaches a pulse number threshold N; and allowing
  • the present disclosure further provides a data communication system, as least including a first terminal, and a second terminal.
  • the first terminal continuously generates a communication carrier signal during communication with the second terminal.
  • the first terminal is configured to send a communication data signal carrying a data packet to be processed, and begin to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal;
  • the second terminal is configured to receive the communication data signal carrying the data packet to be processed, begin to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and generate a response data packet based on the data packet to be processed;
  • the second terminal is configured to send the response data packet to the first terminal when the recorded second number of pulses reaches a pulse number threshold N; and the first terminal is configured to allow to begin receiving the response data packet when
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed, and receives the response data packet when the first number of pulses reaches the pulse number threshold N;
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and sends the response data packet to the first terminal when the second number of pulses reaches the pulse number threshold N.
  • simultaneous receiving and sending through detecting the numbers of pulses by the first terminal and by the second terminal greatly improves the timing accuracy of the two parties, thus ensuring that the first terminal and the second terminal receive and send response data packets only at a particular moment of high precision. That is, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • the present disclosure further provides another data communication method, including: a first terminal continuously generating a communication carrier signal, and a second terminal receiving the communication carrier signal, during a communication between the first terminal and the second terminal.
  • the method includes: sending by the first terminal a communication data signal carrying a data packet to be processed, beginning by the first terminal to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal; receiving by the second terminal the communication data signal carrying the data packet to be processed, beginning by the second terminal to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, generating by the second terminal a response data packet based on the data packet to be processed; sending, by the second terminal, the response data packet to the first terminal when detecting that the second number of pulses reaches a pulse number threshold N; and
  • the present disclosure further provides a data communication system, as least including a first terminal, and a second terminal.
  • the first terminal continuously generating a communication carrier signal during communication with the second terminal.
  • the first terminal is configured to send a communication data signal carrying a data packet to be processed, and begin to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal;
  • the second terminal is configured to receive the communication data signal carrying the data packet to be processed, begin to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and generate a response data packet based on the data packet to be processed;
  • the second terminal is configured to send the response data packet to the first terminal when detecting that the second number of pulses reaches a pulse number threshold N;
  • the first terminal is configured to allow to begin receiving the response
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed, and receives the response data packet when the first number of pulses is within the threshold range;
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and sends the response data packet to the first terminal when the second number of pulses reaches the pulse number threshold N.
  • simultaneous receiving and sending through detecting the numbers of pulses by the first terminal and by the second terminal greatly improves the timing accuracy of the two parties, thus ensuring that the first terminal and the second terminal receive and send response data packets only at a particular moment of high precision. That is, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • the embodiment provides a data communication method.
  • the first terminal continuously generates a communication carrier signal.
  • a communication carrier signal is a radio wave generated by an oscillator and transmitted over a communication channel, and is modulated to transmit data.
  • the communication carrier is generated by the first terminal as a carrier tool for transmitting data information.
  • embodiment 1 comprises actions in the following blocks.
  • a communication data signal carrying a data packet to be processed is sent by the first terminal.
  • the communication data signal is obtained by the first terminal by means of modulating the data packet to be processed onto the communication carrier signal.
  • the communication carrier signal is an unmodulated periodic oscillating signal, which is either a sine wave or a non-sinusoidal wave (such as a periodic pulse sequence).
  • the signal generated after modulating the data packet to be processed onto the communication carrier signal is called as the communication data signal, which may contain the full-wave characteristics of the data packet to be processed.
  • the frequency of the communication carrier signal is required to be much higher than the bandwidth of the modulated signal of the data packet to be processed, otherwise aliasing may occur and the transmission signal may be distorted.
  • the first terminal loads the signal of the data packet to be processed onto the communication carrier signal for data transmission, thus ensuring correct outgoing transmission of the data packet to be processed.
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal; the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal.
  • a pulse signal is a discrete signal that can take many forms, such as a sharp pulse signal, a triangular wave pulse signal.
  • the waveform of the pulse signal is discontinuous in the time axis, and there is a clear interval between one waveform and the other, but it has a certain periodicity.
  • the most common pulse signal is a rectangular wave signal, i.e., a square wave signal, which is expressed as periodic high-power levels or periodic low-power levels.
  • the first terminal and the second terminal perform timing for signal transmission and reception by recording the number of pulses of the pulse signal.
  • the number of pulses corresponding to the communication carrier signal is recorded in real time from the number 0, thereby obtaining the first number of pulses corresponding to the communication carrier signal sent by the first terminal in real time.
  • the current number of pulses is detected by a pulse detecting component inside the first terminal, and the current number of pulses is arranged as the first beginning number of pulses, then it begins to detect the change in the number of pulses corresponding to the communication carrier signal in real time, thereby obtaining the difference value of the pulses corresponding to the communication carrier signal relative to the first beginning number of pulses in real time.
  • the change speed of the number of pulses corresponding to the communication carrier signal is positively correlated with the frequency of the communication carrier signal.
  • T By detecting the first number of pulses corresponding to the communication carrier signal sent by the first terminal at a certain time moment T, it is possible to accurately record the time interval between the time moment T and the time moment when the first terminal completes sending the data packet to be processed based on the number of pulses.
  • the frequency of the communication carrier signal is V
  • the duration of one cycle is 1/v, i.e., the interval between two adjacent pulses is 1/v.
  • the frequency of the communication carrier signal is generally extremely high, for example, 13.56 MHz, 2.4 GHz.
  • the interval between two adjacent pulses is about 0.4 nanoseconds. Consequently, the first terminal detects the time interval by measuring the change of the number of pulses corresponding to the communication carrier signal, which greatly improves the detection accuracy.
  • the communication data signal carrying the data packet to be processed is received by the second terminal.
  • the second terminal receives the data signal of the data packet to be processed according to the frequency of the communication carrier signal.
  • the amplitude of a meaningful signal wave is different from the amplitude of a meaningless signal wave.
  • the valid signal is extracted as the required data signal of the data packet to be processed, thereby efficiently obtaining the data packet to be processed.
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and a response data packet is generated by the second terminal based on the data packet to be processed.
  • the number of pulses of the communication carrier signal is recorded in real time from the number 0, thereby obtaining the second number of pulses corresponding to the communication carrier signal received by the second terminal in real time.
  • the current number of pulses is detected by a pulse detecting component inside the second terminal, and the current number of pulses is arranged as the second beginning number of pulses, then it begins to detect the change in the number of pulses corresponding to the communication carrier signal in real time, thereby obtaining the difference value of the pulses corresponding to the communication carrier signal relative to the second beginning number of pulses in real time, and the received data packet to be processed is processed to generate the response data packet.
  • the second terminal performs timing by detecting the communication carrier signal sent by the first terminal, and the time-interval measurement can be realized without arranging the components such as a timer, a crystal oscillator, a power source in the second terminal, thereby reducing the production cost of the second terminal.
  • the second number of pulses corresponding to the communication carrier signal received by the second terminal at a certain time moment T, it is possible to accurately record the time interval between the time moment T and the time moment when the second terminal completes receiving the data packet to be processed based on the number of pulses. For example, when the frequency of the communication carrier signal is V, the duration of one cycle is 1/v, i.e., the interval between two adjacent pulses is 1/v.
  • the frequency of the communication carrier signal is generally extremely high, for example, 13.56 MHz, 2.4 GHz.
  • the interval between two adjacent pulses is about 0.4 nanoseconds. Consequently, the second terminal detects the time interval by measuring the change of the number of pulses corresponding to the communication carrier signal, which greatly improves the detection accuracy.
  • the first terminal splits the data packet to be processed into x data blocks for transmission, in which ⁇ T1 is the transmission duration between the first terminal and the second terminal of the x th data block in the data packet to be processed, and ⁇ T2 is the time difference between the time moment when the x th data block arrives at the second terminal and the time moment when the second terminal completes receiving the x th data block in the data packet to be processed.
  • the data packet to be processed is transmitted at the speed of light during transmission.
  • ⁇ T1 is a minimum value.
  • the data packet to be transmitted is split into multiple data blocks for transmission.
  • the data packet to be transmitted is split into x data blocks for transmission.
  • the second terminal Before the first terminal completes sending the last data block, i.e., the x th data block, the second terminal has begun to receive the first data block in the data packet to be processed. At the time moment T1+ ⁇ T1, the second terminal completes receiving x-1 data blocks in the data packet to be processed.
  • ⁇ T2 is the time difference between the time moment when the x th data block arrives at the second terminal and the time moment when the second terminal completes receiving the x th data block in the data packet to be processed. Consequently, ⁇ T2 is also a minimum value. Therefore, in the communication method provided in this embodiment, the first terminal and the second terminal can be equivalently regarded as timing based on the communication carrier signal at the same time, which ensures the synchronization and accuracy of the timing results of both terminals.
  • the second terminal After receiving the data packet to be processed, the second terminal performs an authentication operation on the data packet to be processed. After the authentication succeeds, the key information is extracted from the data packet to be processed, and the key information is processed to generate the response data packet.
  • the second terminal After receiving the data packet to be processed, the second terminal performs the authentication operation on the data packet to be processed to confirm the legal identity of the first terminal.
  • the key information such as a transaction account and a transaction amount are extracted from the data packet to be processed and displayed to a user. After the user confirms, the second terminal uses the second terminal private key to perform a signature operation on the key information to generate signature data, and generates the response data packet based on the signature data and the certificate of the second terminal, thereby ensuring communication security.
  • the response data packet is sent by the second terminal to the first terminal when the recorded second number of pulses reaches a pulse number threshold N.
  • the second terminal detects in real time the change difference of the number of pulses corresponding to the communication carrier signal at the current time moment relative to the second beginning number of pulses.
  • the second terminal sends the generated response data packet to the first terminal.
  • the pulse number threshold N can be stored in the factory preconfigured information for the first terminal and the second terminal, or the pulse number threshold N may be negotiated for the first terminal and the second terminal, or the pulse number threshold N may be carried in the communication protocol of the first terminal and the second terminal, in which, alternatively ⁇ ⁇ N ⁇ ⁇ , ⁇ is a change value in the number of pulses generated when the communication carrier signal goes through a predetermined completion time period of processing by the second terminal the received data from the first terminal.
  • the predetermined completion time period refers to the maximum time period required for the second terminal to process the data sent by the first terminal.
  • N ⁇ ⁇ ensures that the second terminal completes the processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent, thereby ensuring normal communication between the first terminal and the second terminal.
  • is a change value in the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by the communication protocol adopted by the first terminal and the second terminal.
  • the frame waiting time refers to the effective waiting time after the data packet to be processed is sent, which is defined in the communication protocol. Communication fails after frame waiting time.
  • the communication protocol adopted by the first terminal and the second terminal may be a currently general communication protocol and a communication protocol that may occur in the future, such as ISO14443 communication protocol and ISO15693 communication protocol.
  • N ⁇ ⁇ ensures that the second terminal sends the response data packet to the first terminal within the frame waiting time, which is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • the second terminal detects the number of pulses and sends the response data packet when the second number of pulses reaches the pulse number threshold N, so that the response data packet is sent only at a specified time moment, meanwhile the accuracy of the time that sends the response data packet is ensured.
  • the first terminal allows to begin receiving the response data packet when the recorded first number of pulses reaches the pulse number threshold N.
  • the first terminal and the second terminal communicate with each other by using short distance wireless communication, which includes: Bluetooth communication protocol, IrDA (Infrared Data Association) communication protocol, RFID (Radio Frequency Identification) communication protocol, ZigBee communication protocol, Ultra WideBand communication protocol, near field communication (NFC) communication protocol, WiMedia communication protocol, GPS (Global Positioning System) communication protocol, DECT (Digital Enhanced Cordless Telecommunications) communication protocol, 1394 wireless communication protocol.
  • short distance wireless communication the distance between the first terminal and the second terminal is negligible with respect to the transmission distance of the data signal per unit time.
  • the distance between the first terminal and the second terminal is less than 10 meters, and the data between the first terminal and the second terminal is wirelessly transmitted at the speed of light.
  • the data transmission time duration between the first terminal and the second terminal is extremely short, about 30 ns, which can be negligible. That is, after the first terminal sends the data packet, the second terminal can immediately receive the data packet.
  • the first terminal receives the response data packet that is sent by the second terminal when the second number of pulses reaches the pulse number threshold N
  • the first number of pulses detected by the first terminal is also N; the first terminal only allows to begin receiving the response data packet when detecting that the first number of pulses reaches the pulse number threshold N.
  • the first terminal and the second terminal may be any device capable of data interaction communication.
  • the first terminal may be a reader, including a card reader, a computer, a mobile phone, a router, an in-vehicle device, a server, etc.
  • the second terminal may be a transponder, including a smart card, an ID card, a smart key device, a mobile phone, a computer, a router, a smart home, a wearable device, etc.
  • the first terminal and the second terminal simultaneously improve the timing accuracy by detecting the numbers of pulses, thereby ensuring that the first terminal and the second terminal only send and receive response data packets at a particular moment of high precision. Even if the response data packet sent by the second terminal to the first terminal is intercepted by the third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • the method further includes the actions in the following blocks.
  • the first terminal generates a communication request and sends the communication request to the second terminal.
  • the second terminal receives the communication request, generates a first negotiation data packet based on the communication request, and sends the first negotiation data packet to the first terminal.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the second terminal based on the first negotiation data packet. After the authentication succeeds, the first terminal generates a second negotiation data packet, and sends the second negotiation data packet to the second terminal.
  • the second terminal receives the second negotiation data packet, and performs an authentication operation on the first terminal based on the second negotiation data packet, generates the pulse number threshold N after the authentication succeeds, encrypts the pulse number threshold N to generate a pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the first terminal, in which N ⁇ ⁇ and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by the communication protocol adopted by the first terminal and the second terminal.
  • a frame waiting time refers to the effective waiting time after the data packet to be processed is sent, which is defined in the communication protocol. Communication fails after frame waiting time. N ⁇ ⁇ ensures that the second terminal sends the response data packet to the first terminal within the frame waiting time, which is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • is a change value in the number of pulses generated when the communication carrier signal goes through a predetermined completion time period of processing by the second terminal the received data from the first terminal.
  • the first terminal can obtain ⁇ in a variety of ways, including but not being limited to the following: ⁇ can be obtained by the first terminal from external key input, ⁇ can be obtained when the second terminal sends it to the first terminal, ⁇ can be obtained from scanning code by the first terminal, ⁇ can be obtained from the factory preconfigured information by the first terminal.
  • N ⁇ ⁇ ensures that the second terminal completes processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent, thereby ensuring normal communication between the first terminal and the second terminal.
  • the first terminal receives the pulse number threshold ciphertext, decrypts the pulse number threshold ciphertext to obtain the pulse number threshold ciphertext N, and stores the pulse number threshold ciphertext N.
  • Blocks S1001 to S1005 may include, but are not limited to, the following three implementations provided by this embodiment.
  • the first terminal generates a first random number and sends the first random number to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number, generates a second random number, performs a signature operation on the first random number by using the second terminal private key to generate first signature information, and sends the first negotiation data packet to the first terminal, in which the first negotiation data packet includes at least: a CA (Certificate Authority) certificate of the second terminal, the first signature information, and the second random number.
  • CA Certificate Authority
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal performs a signature operation on the first random number based on the private key thereof, and sends the CA certificate of the second terminal to the first terminal, so that the first terminal may authenticate the legality of the second terminal.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal, obtains the second terminal public key after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key, performs a signature operation on the second random number by using the first terminal private key after the verification succeeds to generate second signature information, and sends the second negotiation data packet to the second terminal, in which the second negotiation data packet includes at least: the CA certificate of the first terminal, and the second signature information.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal. After the authentication succeeds, the first terminal performs a signature operation on the second random number based on the private key, and sends the CA certificate of the first terminal to the second terminal, so that the second terminal authenticates the legality of the first terminal.
  • the second terminal receives the second negotiation data packet, and performs an authentication operation on the CA certificate of the first terminal, obtains the first terminal public key after the authentication succeeds, performs a verification operation on the second signature information based on the first terminal public key, generates the pulse number threshold N after the verification succeeds, encrypts the pulse number threshold N by using the first terminal public key to generates a pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the first terminal.
  • the second terminal performs an identity authentication on the first terminal based on the first terminal public key to ensure the legality of the first terminal. After the authentication succeeds, the second terminal generates the pulse number threshold N, encrypts the pulse number threshold N by using the first terminal public key to generate the pulse number threshold ciphertext.
  • the pulse number threshold ciphertext generated by the encryption on the pulse number threshold by using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the first terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the first terminal private key to obtain the pulse number threshold N and store the pulse number threshold N.
  • the first terminal decrypts the pulse number threshold ciphertext by using the first terminal private key to obtain the pulse number threshold N and store the pulse number threshold N, which realizes the negotiation of the pulse number threshold N between the first terminal and the second terminal, thereby ensuring the security of the negotiation process.
  • the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number and the CA certificate of the first terminal; generates a second random number; performs an authentication operation on the CA certificate of the first terminal; after the authentication succeeds, obtains the first terminal public key and performs a signature operation on the first random number by using the second terminal private key to generate the first signature information; encrypts the second random number by using the first terminal public key to generate the second random number ciphertext; and sends the first negotiation information to the first terminal, in which the first negotiation information includes at least: a CA certificate of the second terminal, the first signature information, and the second random number ciphertext.
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal obtains the first terminal public key based on the CA certificate of the first terminal, and encrypts the second random number by using the first terminal public key.
  • the second random number ciphertext generated by encryption through using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the second random number.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal; after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key; after the verification succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; performs a signature operation on the second random number by using the first terminal private key to generate the second signature information; generates the third random number, encrypts the third random number by using the second terminal public key to obtain the third random number ciphertext; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, and sends the second negotiation information to the second terminal, in which the second negotiation information includes at least: the second signature information, and the third random number ciphertext.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal; after the authentication succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; generates the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, in which the third random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the second random number; encrypts the third random number by using the second terminal public key.
  • the third random number ciphertext generated by encryption through using the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the third random number.
  • the second terminal receives the second negotiation data packet, and performs a verification operation on the second signature information based on the first terminal public key; after the verification succeeds, decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the second terminal generates the transmission key generation feedback information, and sends the transmission key generation feedback information to the first terminal.
  • the second terminal decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the first terminal and the second terminal respectively obtain the transmission key according to the first predetermined algorithm based on the second random number and the third random number, which not only ensures that the two sides negotiate the same transmission key, but also does not need to send the transmission key, thereby avoiding the leakage of the transmission key during the communication process and improving the security of the communication.
  • the first terminal receives the transmission key generation feedback information, generates the pulse number threshold N, encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the second terminal.
  • the first terminal generates the pulse number threshold N, and encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext.
  • the transmission key is respectively obtained by the first terminal and the second terminal based on the second random number and the third random number according to the first predetermined algorithm, and is only stored inside the first terminal and the second terminal, which cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the second terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the second terminal private key to obtain the pulse number threshold N, and stores the pulse number threshold N.
  • the second terminal decrypts the pulse number threshold ciphertext by using the transmission key to obtain the pulse number threshold N, and stores the pulse number threshold N, which realizes the negotiation of the pulse number threshold N between the first terminal and the second terminal, thereby ensuring the security of the negotiation process.
  • the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number and the CA certificate of the first terminal; generates a second random number; performs an authentication operation on the CA certificate of the first terminal; after the authentication succeeds, obtains the first terminal public key and performs a signature operation on the first random number by using the second terminal private key to generate the first signature information; encrypts the second random number by using the first terminal public key to generate the second random number ciphertext; and sends the first negotiation information to the first terminal, in which the first negotiation information includes at least: a CA certificate of the second terminal, the first signature information, and the second random number ciphertext.
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal obtains the first terminal public key based on the CA certificate of the first terminal, and encrypts the second random number by using the first terminal public key.
  • the second random number ciphertext generated by encryption through using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the second random number.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal; after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key; after the verification succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; performs a signature operation on the second random number by using the first terminal private key to generate the second signature information; generates the third random number; encrypts the third random number by using the second terminal public key to obtain the third random number ciphertext; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number; and sends the second negotiation information to the second terminal, in which the second negotiation information includes at least: the second signature information, and the third random number ciphertext.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal; after the authentication succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; generates the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, in which the third random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the second random number; encrypts the third random number by using the second terminal public key.
  • the third random number ciphertext generated by encryption through using the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the third random number.
  • the second terminal receives the second negotiation data packet, and performs a verification operation on the second signature information based on the first terminal public key; after the verification succeeds, decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the second terminal generates the pulse number threshold N, decrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext and sends the pulse number threshold ciphertext to the first terminal.
  • the second terminal decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number, and obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the first terminal and the second terminal respectively obtain the transmission key according to the first predetermined algorithm based on the second random number and the third random number, which not only ensures that the two sides negotiate the same transmission key, but also does not need to send the transmission key, thereby avoiding the leakage of the transmission key during the communication process and improving the security of the communication.
  • the second terminal generates the pulse number threshold N, encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext.
  • the transmission key is respectively obtained by the first terminal and the second terminal based on the second random number and the third random number according to the first predetermined algorithm, and is only stored inside the first terminal and the second terminal, which cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the first terminal receives the pulse number threshold ciphertext, decrypts the pulse number threshold ciphertext by using the transmission key to obtain the pulse number threshold N, and stores the pulse number threshold N.
  • the first terminal decrypts the pulse number threshold ciphertext by using the transmission key to obtain the pulse number threshold N, and stores the pulse number threshold N, which realizes the negotiation of the pulse number threshold N between the first terminal and the second terminal, meanwhile ensures the security of the negotiation process.
  • the security of the pulse number threshold N can be ensured, and the pulse number threshold N is prevented from being externally tampered. Furthermore, the negotiation process of the pulse number threshold N can be negotiated before each information interaction, thereby further ensuring the security of the pulse number threshold N.
  • the pulse number threshold N is stored in the factory preconfigured information of the first terminal and of the second terminal, in which N ⁇ ⁇ and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • is the change value in the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by the communication protocol adopted by the first terminal and the second terminal.
  • a frame waiting time refers to the effective waiting time after the data packet to be processed is sent, which is defined in the communication protocol. Communication fails after frame waiting time.
  • N ⁇ ⁇ ensures that the second terminal sends the response data packet to the first terminal within the frame waiting time, which is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the received pulse number threshold N based on a tamper-proof check value, in which the pulse communication protocol is a communication protocol in which transmission data at least includes the pulse number threshold N; or the pulse communication protocol is a communication protocol in which transmission data at least includes the pulse number threshold N and the tamper-proof check value.
  • the tamper-proof check value is configured to perform the verification operation on the pulse number threshold N.
  • the communication protocol adopted by the first terminal and the second terminal may define that the pulse number threshold N is carried in the communication data. After receiving the data packet in the communication process, the first terminal and the second terminal may read the pulse number threshold N from the data packet, and perform timing communication based on the pulse number threshold N in the data packet. Furthermore, the communication protocol adopted by the first terminal and the second terminal may further define that the pulse number threshold N and the tamper-proof check value are simultaneously carried in the communication data. After receiving the data packet in the communication process, the first terminal and the second terminal may read the pulse number threshold N and the tamper-proof check value in the data packet, in which the tamper-proof check value is a check value generated based on the pulse number threshold N.
  • the tamper-proof check value is obtained by performing a digest operation on the pulse number threshold N.
  • the first terminal and the second terminal After receiving the data packet in the communication process, the first terminal and the second terminal read the pulse number threshold N from the data packets to perform a verification operation.
  • the first terminal and the second terminal After receiving the data packet in the communication process, the first terminal and the second terminal read the pulse number threshold N that is tampered with by the third terminal from the data packet, which may cause the verification to fail.
  • the first terminal and the second terminal perform timing communication based on the pulse number threshold N in the data packet.
  • the pulse number threshold N and the tamper-proof check value may be added to the data header or data tail of the communication data packet defined by the existing communication protocol. Obviously, the present disclosure is not limited to this.
  • pulse number threshold N By writing the pulse number threshold N to the transmission protocol to ensure that each packet contains the pulse number threshold N, and the first terminal and the second terminal do not need to store the pulse number threshold N, so as to prevent the third party from breaking the storage module of the first terminal or the second terminal to obtain the pulse number threshold N, and improve the communication efficiency.
  • the first terminal generates the pulse number threshold N based on ⁇ , and N ⁇ ⁇ , in which ⁇ is the number of pulses generated when the communication carrier signal goes through a predetermined completion time period of processing by the second terminal the received data from the first terminal.
  • the first terminal can obtain ⁇ in a variety of ways, including but not being limited to the following: ⁇ can be obtained by the first terminal from external key input, ⁇ can be obtained when the second terminal sends it to the first terminal, ⁇ can be obtained from scanning code by the first terminal, ⁇ can be obtained from the factory preconfigured information by the first terminal; N ⁇ ⁇ ensures that the second terminal completes the processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent, thereby ensuring normal communication between the first terminal and the second terminal.
  • is change value in the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • a frame waiting time refers to the effective waiting time after the data packet to be processed is sent, which is defined in the communication protocol. Communication fails after frame waiting time.
  • N ⁇ ⁇ ensures that the second terminal sends the response data packet to the first terminal within the frame waiting time, which is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • the pulse number threshold N may be sent to the second terminal in the following manner.
  • the first terminal encrypts the pulse number threshold N by using the second terminal public key to generate a pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the second terminal.
  • the pulse number threshold ciphertext generated by the encryption operation on the pulse number threshold through the second terminal public key can only be decrypted by the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the second terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the second terminal private key to obtain the pulse number threshold, and stores pulse number threshold, which realizes that the first terminal sends the generated threshold pulse number N to the second terminal and ensures the security of the process of sending the pulse number threshold N.
  • the first terminal generates a first random number and sends the first random number and CA certificate of the first terminal to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number and the CA certificate of the first terminal; generates a second random number; performs an authentication operation on the CA certificate of the first terminal; after the authentication succeeds, obtains the first terminal public key and performs a signature operation on the first random number by using the second terminal private key to generate the first signature information; encrypts the second random number by using the first terminal public key to generates the second random number ciphertext; and sends the first negotiation information to the first terminal, in which the first negotiation information includes at least: a CA certificate of the second terminal, the first signature information, and the second random number ciphertext.
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal obtains the first terminal public key based on the CA certificate of the first terminal, and encrypts the second random number by using the first terminal public key.
  • the second random number ciphertext generated by encryption through using the first terminal public key encryption can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the second random number.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal; after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key; after the verification succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; performs a signature operation on the second random number by using the first terminal private key to generate the second signature information; generates the third random number, encrypts the third random number by using the second terminal public key to obtain the third random number ciphertext; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, and sends the second negotiation information to the second terminal, in which the second negotiation information includes at least: the second signature information, and the third random number ciphertext.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal; after the authentication succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; generates the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, in which the third random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the second random number; encrypts the third random number by using the second terminal public key.
  • the third random number ciphertext generated by encryption through using the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the third random number.
  • the second terminal receives the second negotiation data packet, and performs a verification operation on the second signature information based on the first terminal public key; after the verification succeeds, decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the second terminal generates the transmission key generation feedback information, and sends the transmission key generation feedback information to the first terminal.
  • the second terminal decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the first terminal and the second terminal respectively obtain the transmission key according to the first predetermined algorithm based on the second random number and the third random number, which not only ensures that the two sides negotiate the same transmission key, but also does not need to send the transmission key, thereby avoiding the leakage of the transmission key during the communication process and improving the security of the communication.
  • the first terminal receives the transmission key generation feedback information, encrypts the generated pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the second terminal.
  • the first terminal encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext.
  • the transmission key is respectively obtained by the first terminal and the second terminal based on the second random number and the third random number according to the first predetermined algorithm, and is only stored inside the first terminal and the second terminal, which cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the second terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the second terminal private key to obtain the pulse number threshold N, and stores the pulse number threshold N.
  • the second terminal decrypts the pulse number threshold ciphertext by using the transmission key to obtain the pulse number threshold N, and stores the pulse number threshold N, which realizes that the first terminal sends the generated threshold pulse number N to the second terminal and ensures the security of the process of sending the pulse number threshold N.
  • the pulse number threshold N is generated by the first terminal negotiating with the second terminal.
  • the negotiating includes the following.
  • the first terminal generates N and sends N to the second terminal, and the second terminal sends a response message to the first terminal after the second terminal successfully authenticates the first terminal.
  • the second terminal generates N and sends N to the first terminal, and the first terminal sends a response message to the second terminal after the first terminal successfully authenticates the second terminal.
  • the first terminal generates N1 and sends N1 to the second terminal
  • the second terminal generates N2 and sends N2 to the first terminal
  • the first terminal and the second terminal respectively generate the N by using N1 and N2 based on the same algorithm.
  • the above negotiation process may include, but is not limited to, the following three implementation solutions provided by the embodiment.
  • the first terminal generates a first random number and sends the first random number to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number, generates a second random number, performs a signature operation on the first random number by using the second terminal private key to generate first signature information, and sends the first negotiation data packet to the first terminal, in which the first negotiation data packet includes at least: a CA certificate of the second terminal, the first signature information, and the second random number.
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal performs a signature operation on the first random number based on the private key thereof, and sends the CA certificate of the second terminal to the first terminal, so that the first terminal may authenticate the legality of the second terminal.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal, obtains the second terminal public key after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key, performs a signature operation on the second random number by using the first terminal private key after the verification succeeds to generate the second signature information, and sends the second negotiation data packet to the second terminal, in which the second negotiation data packet includes at least: the CA certificate of the first terminal, and the second signature information.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal. After the authentication succeeds, the first terminal performs a signature operation on the second random number based on the private key, and sends the self-CA certificate to the second terminal, so that the second terminal authenticates the legality of the first terminal.
  • the second terminal receives the second negotiation data packet, and performs an authentication operation on the CA certificate of the first terminal, obtains the first terminal public key after the authentication succeeds, performs a verification operation on the second signature information based on the first terminal public key, generates the pulse number threshold N after the verification succeeds, encrypts the pulse number threshold N by using the first terminal public key to generates a pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the first terminal.
  • the second terminal performs an identity authentication on the first terminal based on the first terminal public key to ensure the legality of the first terminal. After the authentication succeeds, the second terminal generates the pulse number threshold N, encrypts the pulse number threshold N by using the first terminal public key to generate the pulse number threshold ciphertext.
  • the pulse number threshold ciphertext generated by the encryption on the pulse number threshold by using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the first terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the first terminal private key to obtain the pulse number threshold N and store the pulse number threshold N.
  • the first terminal decrypts the pulse number threshold ciphertext by using the first terminal private key to obtain the pulse number threshold N and store the pulse number threshold N, which realizes the negotiation of the pulse number threshold N between the first terminal and the second terminal, thereby ensuring the security of the negotiation process.
  • the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number and the CA certificate of the first terminal; generates a second random number; performs an authentication operation on the CA certificate of the first terminal; after the authentication succeeds, obtains the first terminal public key and performs a signature operation on the first random number by using the second terminal private key to generate the first signature information; encrypts the second random number by using the first terminal public key to generates the second random number ciphertext; and sends the first negotiation information to the first terminal, in which the first negotiation information includes at least: a CA certificate of the second terminal, the first signature information, and the second random number ciphertext.
  • the second random number may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • the second terminal obtains the first terminal public key based on the CA certificate of the first terminal, and encrypts the second random number by using the first terminal public key.
  • the second random number ciphertext generated by encryption through using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the second random number.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal; after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key; after the verification succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; performs a signature operation on the second random number by using the first terminal private key to generate the second signature information; generates the third random number, encrypts the third random number by using the second terminal public key to obtain the third random number ciphertext; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, and sends the second negotiation information to the second terminal, in which the second negotiation information includes at least: the second signature information, and the third random number ciphertext.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal; after the authentication succeeds, encrypts the second random number ciphertext by using the first terminal private key to obtain the second random number; generates the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number, in which the third random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the second random number; encrypts the third random number by using the second terminal public key.
  • the third random number ciphertext generated by encryption through using the second terminal public key can only be decrypted by using the second terminal private key, and the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of the third random number.
  • the second terminal receives the second negotiation data packet, and performs a verification operation on the second signature information based on the first terminal public key; after the verification succeeds, decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the second terminal generates the transmission key generation feedback information, and sends the transmission key generation feedback information to the first terminal.
  • the second terminal decrypts the third random number ciphertext by using the second terminal private key to obtain the third random number; obtains the transmission key according to the first predetermined algorithm based on the second random number and the third random number.
  • the first terminal and the second terminal respectively obtain the transmission key according to the first predetermined algorithm based on the second random number and the third random number, which not only ensures that the two sides negotiate the same transmission key, but also does not need to send the transmission key, thereby avoiding the leakage of the transmission key during the communication process and improving the security of the communication.
  • the first terminal receives the transmission key generation feedback information, generates the pulse number threshold N, encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext, and sends the pulse number threshold ciphertext to the second terminal.
  • the first terminal generates the pulse number threshold N, and encrypts the pulse number threshold N by using the transmission key to generate the pulse number threshold ciphertext.
  • the transmission key is respectively obtained by the first terminal and the second terminal based on the second random number and the third random number according to the first predetermined algorithm, and is only stored inside the first terminal and the second terminal, which cannot be obtained by the external terminal, thereby ensuring the security of the pulse number threshold N.
  • the second terminal receives the pulse number threshold ciphertext, and decrypts the pulse number threshold ciphertext by using the second terminal private key to obtain the pulse number threshold N, and stores the pulse number threshold N.
  • the second terminal decrypts the pulse number threshold ciphertext by using the transmission key to obtain the pulse number threshold N, and stores the pulse number threshold N, which realizes the negotiation of the pulse number threshold N between the first terminal and the second terminal, thereby ensuring the security of the negotiation process.
  • the first terminal generates a first random number and sends the first random number and a CA certificate of the first terminal to the second terminal.
  • the first random number may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the first random number.
  • the second terminal receives the first random number and the CA certificate of the first terminal; generates N2; performs an authentication operation on the CA certificate of the first terminal; after the authentication succeeds, obtains the first terminal public key after the authentication succeeds and performs a signature operation on the first random number by using the second terminal private key to generate the first signature information; encrypts N2 by using the first terminal public key to generate a N2 ciphertext; and sends the first negotiation information to the first terminal, in which the first negotiation information includes at least: a CA certificate of the second terminal, the first signature information, and the N2 ciphertext.
  • N2 may be generated by the second terminal according to an external random noise signal, or may be generated by the second terminal according to an internal random number generator, to ensure external unreachability of N2.
  • the second terminal obtains the first terminal public key based on the CA certificate of the first terminal, and encrypts N2 by using the first terminal public key.
  • the N2 ciphertext generated by encryption through using the first terminal public key can only be decrypted by using the first terminal private key, and the first terminal private key is stored in the first terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of N2.
  • the first terminal receives the first negotiation data packet, and performs an authentication operation on the CA certificate of the second terminal; after the authentication succeeds, performs a verification operation on the first signature information based on the second terminal public key; after the verification succeeds, encrypts the N2 ciphertext by using the first terminal private key to obtain N2; performs a signature operation on N2 by using the first terminal private key to generate the second signature information; generates N1; encrypts N1 by using the second terminal public key to obtain a N1 ciphertext; obtains the transmission key according to the second predetermined algorithm based on N2 and N1; and sends the second negotiation information to the second terminal, in which the second negotiation information includes at least: the second signature information, and the N1 ciphertext.
  • the first terminal performs an identity authentication on the second terminal based on the second terminal public key to ensure the legality of the second terminal; after the authentication succeeds, encrypts the N2 ciphertext by using the first terminal private key to obtain N2; generates N1; obtains the pulse number threshold N according to the second predetermined algorithm based on N1 and N2.
  • N1 may be generated by the first terminal according to an external random noise signal, or may be generated by the first terminal according to an internal random number generator, to ensure external unreachability of the second random number.
  • N1 is encrypted by using the second terminal public key, and the N1 ciphertext generated by using the second terminal public key can only be decrypted by using the second terminal private key.
  • the second terminal private key is stored in the second terminal security chip and cannot be obtained by the external terminal, thereby ensuring the security of N1.
  • the second terminal receives the second negotiation data packet, and performs a verification operation on the second signature information based on the first terminal public key; after the verification succeeds, decrypts the N1 ciphertext by using the second terminal private key to obtain N1; obtains the pulse number threshold N according to the second predetermined algorithm based on N1 and N2.
  • the second terminal decrypts the N1 ciphertext by using the second terminal private key to obtain N1, and obtains the pulse number threshold N according to the second predetermined algorithm based on N1 and N2.
  • the first terminal and the second terminal respectively obtain the pulse number threshold N according to the second predetermined algorithm based on N1 and N2, which not only ensures that the two sides negotiate the same the pulse number threshold N, but also does not need to send out the pulse number threshold N, thereby avoiding the leakage of the transmission key during the communication process and improving the security of the communication.
  • the security of the pulse number threshold N can be ensured, and the pulse number threshold N is prevented from being externally tampered. Furthermore, the negotiation process of the pulse number threshold N can be negotiated before each information interaction, thereby further ensuring the security of the number threshold pulses N.
  • the communication manner adopted by the first terminal and the second terminal includes short distance wireless communication, which includes the following communication protocols: Bluetooth communication protocol, IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, Ultra WideBand communication protocol, near field communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, 1394 wireless communication protocol and dedicated wireless communication protocol.
  • short distance wireless communication which includes the following communication protocols: Bluetooth communication protocol, IrDA communication protocol, RFID communication protocol, ZigBee communication protocol, Ultra WideBand communication protocol, near field communication (NFC) communication protocol, WiMedia communication protocol, GPS communication protocol, DECT communication protocol, 1394 wireless communication protocol and dedicated wireless communication protocol.
  • the following communication protocols that may occur in the future are equivalent to the above communication protocols: the time required for data transmission under the maximum transmission distance supported by the communication protocol is less than the time required for data to be tampered with by external devices.
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed, and receives the response data packet when the first number of pulses reaches the pulse number threshold N;
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and sends the response data packet to the first terminal when the second number of pulses reaches the pulse number threshold N.
  • simultaneous receiving and sending through detecting the numbers of pulses by the first terminal and by the second terminal greatly improves the timing accuracy of the two parties, thus ensuring that the first terminal and the second terminal receive and send response data packets only at a particular moment of high precision. That is, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • N ⁇ ⁇ ensures that the second terminal completes processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent.
  • N ⁇ ⁇ ensures that the communication method and system is compatible with the existing communication protocol.
  • the embodiment provides a data communication system for performing the secure communication method in the method embodiment illustrated in Fig. 1 or 2 .
  • the system includes: a first terminal and a second terminal.
  • the first terminal continuously generates a communication carrier signal during communication with the second terminal.
  • the first terminal is configured to send a communication data signal carrying a data packet to be processed, and begin to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal;
  • the second terminal is configured to receive the communication data signal carrying the data packet to be processed, begin to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and generate a response data packet based on the data packet to be processed;
  • the second terminal is configured to send the response data packet to the first terminal when the recorded second number of pulses reaches a pulse number threshold N; and the first terminal is configured to allow to begin receiving the response data packet when the recorded first number of pulses reaches the pulse number threshold N.
  • the first terminal is configured to generate a communication request, and send the communication request to the second terminal.
  • the second terminal is configured to receive the communication request, generate a first negotiation data packet based on the communication request, and send the first negotiation data packet to the first terminal.
  • the first terminal is configured to receive the first negotiation data packet, perform an authentication operation on the second terminal based on the first negotiation data packet, and after the authentication succeeds, generate a second negotiation data packet, and send the second negotiation data packet to the second terminal.
  • the second terminal is configured to receive the second negotiation data packet, perform an authentication operation on the first terminal based on the second negotiation data packet, and after the authentication succeeds, generate the pulse number threshold N, encrypt the pulse number threshold N to generate a pulse number threshold ciphertext, and send the pulse number threshold ciphertext to the first terminal, in which N ⁇ ⁇ , and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • the first terminal is configured to receive the pulse number threshold ciphertext, decrypt the pulse number threshold ciphertext to obtain the pulse number threshold N, and store the pulse number threshold N.
  • the pulse number threshold N is stored in factory preconfigured information of the first terminal and of the second terminal, in which N ⁇ ⁇ , and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the received pulse number threshold N based on a tamper-proof check value, in which the pulse communication protocol is a communication protocol in which transmission data at least includes the pulse number threshold N and the tamper-proof check value.
  • the pulse number threshold N is generated by the first terminal based on ⁇ , and N ⁇ ⁇ , in which ⁇ is the number of pulses generated when the communication carrier signal goes through a predetermined completion time period of processing by the second terminal the received data from the first terminal.
  • the pulse number threshold N is generated by the first terminal negotiating with the second terminal, in which the negotiating including: the first terminal generating N and sending N to the second terminal, the second terminal sending a response message to the first terminal after the second terminal successfully authenticates the first terminal; or the second terminal generating N and sending N to the first terminal, the first terminal sending a response message to the second terminal after the first terminal successfully authenticates the second terminal; or the first terminal generating N1 and sending N1 to the second terminal, the second terminal generating N2 and sending N2 to the first terminal, the first terminal and the second terminal respectively generating the N by using N1 and N2 based on the same algorithm.
  • a communication manner adopted by the first terminal and the second terminal comprises: a short distance wireless communication manner.
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed, and receives the response data packet when the first number of pulses reaches the pulse number threshold N;
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and sends the response data packet to the first terminal when the second number of pulses reaches the pulse number threshold N.
  • simultaneous receiving and sending through detecting the numbers of pulses by the first terminal and by the second terminal greatly improves the timing accuracy of the two parties, thus ensuring that the first terminal and the second terminal receive and send response data packets only at a particular moment of high precision. That is, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • N ⁇ ⁇ ensures that the second terminal completes the processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent.
  • N ⁇ ⁇ ensures that the communication method and system is compatible with the existing communication protocol.
  • This embodiment provides a data communication method, as illustrated in FIG. 4 , including actions in the following blocks.
  • a communication data signal carrying a data packet to be processed is sent by the first terminal.
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal; the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal.
  • the communication data signal carrying the data packet to be processed is received by the second terminal.
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and a response data packet is generated by the second terminal based on the data packet to be processed.
  • the response data packet is sent by the second terminal to the first terminal when the recorded second number of pulses reaches a pulse number threshold N.
  • the first terminal allows to begin receiving the response data packet when the recorded first number of pulses is within a threshold range.
  • the first terminal and the second terminal have various communication times such as data transmission time, data reception time, data analysis and processing time, and data error correction time. It is not possible for the first terminal to immediately receive the response data packet after detecting that the first number of pulses reaches N.
  • the first number of pulses detected by the first terminal is N+i, in which i is a change value in the number of pulses generated after the communication carrier signal passes various communication times such as data transmission time, data reception time, data analysis and processing time, and data error correction time.
  • the first terminal receives the response data packet within a short time range after detecting that the first number of pulses reaches N.
  • a threshold range can be obtained according to the error algorithm, within which only the maximum communication time such as the maximum data transmission time, the maximum data reception time, the maximum data analysis and processing time, and the maximum data error correction time between the first terminal and the second terminal can be realized.
  • the threshold range obtained according to the error algorithm is a small pulse range of values, for example as follows.
  • the first terminal rejects receiving data before detecting that the first number of pulses reaches N.
  • the first terminal allows to begin receiving the response data package when detecting that the first number of pulses reaches N.
  • the first terminal begins to reject receiving data when detecting that the first number of pulses reaches N+2 ⁇ .
  • the first terminal when the first terminal receives the response data packet sent by the second terminal when the second terminal detects that the second number of pulses reaches N, the first number of pulses detected by the first terminal is N+2 ⁇ .
  • the actual communication distance S between the first terminal and the second terminal is necessarily smaller than the maximum communication distance supported by the communication mode adopted by the first terminal and the second terminal.
  • the communication mode adopted by the first terminal and the second terminal includes: short distance wireless communication mode, and n is a change value in the number of pulses generated when the communication carrier signal passes through the maximum communication distance supported by the communication mode adopted by the first terminal and the second terminal, and then ⁇ is necessarily smaller than n.
  • N+2n is less than or equal to ⁇
  • is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by the communication protocol adopted by the first terminal and the second terminal.
  • N+2n is less than or equal to ⁇ , which ensures that the first terminal sends the response data packet to the second terminal within the frame waiting time, and is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • N+2n is less than or equal to ⁇
  • N is also necessarily less than ⁇ , which ensures that the second terminal sends the response data packet to the first terminal within the frame waiting time, and is compatible with the existing communication protocol, and ensures normal communication between the first terminal and the second terminal under the existing communication protocol.
  • the data signal is transmitted at the speed of light and the time required for transmission at this time is negligible. That is, when the first terminal receives the response data packet that is sent by the second terminal when the second number of pulses reaches the pulse number threshold N, the first number of pulses detected by the first terminal is also N. At this time, since N is in the range of [N, N+2n], the first terminal allows to begin receiving data until the reception is completed, and the received data is processed.
  • the distance between the first terminal and the second terminal when the distance between the first terminal and the second terminal is minimum, it is possible to ensure the normal communication; when the distance between the first terminal and the second terminal is the maximum communication distance supported by the communication manner, such as the maximum communication distance supported by Bluetooth 2.0 is 10 meters, the maximum communication distance supported by ZigBee is 400 meters, the change value in the pulse number generated by the communication carrier signal passing through the space area between the first terminal and the second terminal is n. That is, when the first terminal receives the response data packet sent by the second terminal when the second terminal detects that the second number of pulses reaches N, the first number of pulses detected by the first terminal is N+2n.
  • N+2n is in the range of [N, N+2n], the first terminal allows to begin receiving data until the reception is completed, and the received data is processed.
  • the first terminal when the distance between the first terminal and the second terminal is maximum, it is possible to ensure the normal communication.
  • the change value in the pulse number N generated by the communication carrier signal passing through the space area between the first terminal and the second terminal is ⁇ , and ⁇ is less than n.
  • the first terminal receives the response data packet sent by the second terminal when the second terminal detects that the second number of pulses reaches N, the first number of pulses detected by the first terminal is N+2 ⁇ .
  • the first terminal allows to begin receiving data until the reception is completed, and the received data is processed.
  • the first terminal when the distance between the first terminal and the second terminal is maximum, it is possible to ensure the normal communication.
  • the first terminal is not allowed to receive externally transmitted data information. That is, the first terminal only allows to begin receiving the response data packet when the detected number of first terminal pulses is in the range of [N+2n], which greatly improves the reliability of the received response data packet.
  • the first terminal and the second terminal may be any device capable of data interaction communication.
  • the first terminal may be a reader, including a card reader, a computer, a mobile phone, a router, an in-vehicle device, a server, etc.
  • the second terminal may be a transponder, including a smart card, an ID card, a smart key device, a computer, a router, a smart home, a wearable device, etc.
  • the first terminal even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment.
  • the method before sending the communication data signal carrying the data packet to be processed, the method further includes the actions of negotiating the pulse number threshold, which specified refers to the detailed description of the method illustrated in Fig. 2 in the above Embodiment 1.
  • the embodiment provides a data communication system for performing the secure communication method in the method embodiment illustrated in Fig. 4 .
  • the system includes: a first terminal and a second terminal.
  • the first terminal continuously generating a communication carrier signal during communication with the second terminal.
  • the first terminal is configured to send a communication data signal carrying a data packet to be processed, and begin to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed; in which the communication data signal is obtained by the first terminal through modulating the data packet to be processed onto the communication carrier signal;
  • the second terminal is configured to receive the communication data signal carrying the data packet to be processed, begin to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and generate a response data packet based on the data packet to be processed;
  • the second terminal is configured to send the response data packet to the first terminal when detecting that the second number of pulses reaches a pulse number threshold N;
  • the first terminal is configured to allow to begin receiving the response data packet when detecting that the first number of pulses is within a threshold range, wherein the threshold range is obtained by
  • the first terminal is configured to generate a communication request, and send the communication request to the second terminal.
  • the second terminal is configured to receive the communication request, generate a first negotiation data packet based on the communication request, and send the first negotiation data packet to the first terminal.
  • the first terminal is configured to receive the first negotiation data packet, perform an authentication operation on the second terminal based on the first negotiation data packet, and after the authentication succeeds, generate a second negotiation data packet, and send the second negotiation data packet to the second terminal.
  • the second terminal is configured to receive the second negotiation data packet, perform an authentication operation on the first terminal based on the second negotiation data packet, and after the authentication succeeds, generate the pulse number threshold N, encrypt the pulse number threshold N to generate a pulse number threshold ciphertext, and send the pulse number threshold ciphertext to the first terminal, in which N ⁇ ⁇ , and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • the first terminal is configured to receive the pulse number threshold ciphertext, decrypt the pulse number threshold ciphertext to obtain the pulse number threshold N, and store the pulse number threshold N.
  • the pulse number threshold N is stored in factory preconfigured information of the first terminal and of the second terminal, in which N ⁇ ⁇ , and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal.
  • the first terminal and the second terminal perform data interaction based on a pulse communication protocol, and perform a verification operation on the received pulse number threshold N based on a tamper-proof check value.
  • the pulse communication protocol is a communication protocol in which transmission data at least comprises the pulse number threshold N; or the pulse communication protocol is a communication protocol in which transmission data at least comprises the pulse number threshold N and the tamper-proof check value.
  • the tamper-proof check value is configured to perform the verification operation on the pulse number threshold N.
  • the pulse number threshold N is generated by the first terminal based on ⁇ , and N ⁇ ⁇ , in which ⁇ is the number of pulses generated when the communication carrier signal goes through a predetermined completion time period of processing by the second terminal the received data from the first terminal.
  • the pulse number threshold N is generated by the first terminal negotiating with the second terminal, in which the negotiating includes: the first terminal generating N and sending N to the second terminal, the second terminal sending a response message to the first terminal after the second terminal successfully authenticates the first terminal; or the second terminal generating N and sending N to the first terminal, the first terminal sending a response message to the second terminal after the first terminal successfully authenticates the second terminal; or the first terminal generating N1 and sending N1 to the second terminal, the second terminal generating N2 and sending N2 to the first terminal, the first terminal and the second terminal respectively generating the N by using N1 and N2 based on the same algorithm.
  • a communication manner adopted by the first terminal and the second terminal comprises: a short distance wireless communication manner.
  • the threshold range is [N, N+2n], in which N+2n ⁇ ⁇ , and ⁇ is the number of pulses generated when the communication carrier signal goes through a frame waiting time defined by a communication protocol adopted by the first terminal and the second terminal, and n is the number of pulses generated when the communication carrier signal goes through a maximum communication distance defined by a communication manner adopted by the first terminal and the second terminal.
  • the first terminal begins to record the first number of pulses corresponding to the communication carrier signal sent by the first terminal when the first terminal completes sending the data packet to be processed, and receives the response data packet when the first number of pulses is within the threshold range;
  • the second terminal begins to record the second number of pulses corresponding to the communication carrier signal received by the second terminal when the second terminal completes receiving the data packet to be processed, and sends the response data packet to the first terminal when the second number of pulses reaches the pulse number threshold N.
  • simultaneous receiving and sending through detecting the numbers of pulses by the first terminal and by the second terminal greatly improves the timing accuracy of the two parties, thus ensuring that the first terminal and the second terminal receive and send response data packets only at a particular moment of high precision. That is, even if the response data packet sent by the second terminal to the first terminal is intercepted by a third party during the transmission, the first terminal has already terminated the communication process when the data tampered by the third party reaches the first terminal, this is because the third party tampers with the data at millisecond level, which is far greater than the timing accuracy of the first terminal, and the first terminal immediately stops the communication if not receiving the response data packet at the particular moment, thereby greatly improving the reliability of the received response data packet.
  • N ⁇ ⁇ ensures that the second terminal completes the processing of the data packet to be processed and generating the response data packet before the response data packet needs to be sent.
  • N ⁇ ⁇ ensures that the communication method and system is compatible with the existing communication protocol.
  • each part of the present disclosure may be realized by the hardware, software, firmware or their combination.
  • a plurality of steps or methods may be realized by the software or firmware stored in the memory and executed by the appropriate instruction execution system.
  • the steps or methods may be realized by one or a combination of the following techniques known in the art: a discrete logic circuit having a logic gate circuit for realizing a logic function of a data signal, an application-specific integrated circuit having an appropriate combination logic gate circuit, a programmable gate array (PGA), a field programmable gate array (FPGA), etc.
  • each function cell of the embodiments of the present disclosure may be integrated in a processing module, or these cells may be separate physical existence, or two or more cells are integrated in a processing module.
  • the integrated module may be realized in a form of hardware or in a form of software function modules. When the integrated module is realized in a form of software function module and is sold or used as a standalone product, the integrated module may be stored in a computer readable storage medium.
  • the storage medium mentioned above may be read-only memories, magnetic disks or CD, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Toxicology (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
EP17836422.0A 2016-08-05 2017-08-04 Procédé de communication de données et système Ceased EP3496359A1 (fr)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201610640012.XA CN107690144B (zh) 2016-08-05 2016-08-05 一种数据通信方法及系统
CN201610639419.0A CN107690141B (zh) 2016-08-05 2016-08-05 一种数据通信方法及系统
PCT/CN2017/095990 WO2018024241A1 (fr) 2016-08-05 2017-08-04 Procédé de communication de données et système

Publications (2)

Publication Number Publication Date
EP3496359A4 EP3496359A4 (fr) 2019-06-12
EP3496359A1 true EP3496359A1 (fr) 2019-06-12

Family

ID=61072800

Family Applications (1)

Application Number Title Priority Date Filing Date
EP17836422.0A Ceased EP3496359A1 (fr) 2016-08-05 2017-08-04 Procédé de communication de données et système

Country Status (4)

Country Link
US (1) US10979899B2 (fr)
EP (1) EP3496359A1 (fr)
SG (1) SG11201900994TA (fr)
WO (1) WO2018024241A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7003544B2 (ja) * 2017-09-29 2022-01-20 株式会社デンソー 異常検知装置、異常検知方法、プログラム及び通信システム
US11212093B2 (en) * 2018-09-14 2021-12-28 Htc Corporation Method of social key recovery and related device
TWI692228B (zh) * 2018-10-24 2020-04-21 啟碁科技股份有限公司 用於網狀網路的連線建立系統及方法
US11038683B1 (en) * 2020-01-24 2021-06-15 Via Science, Inc. Secure data processing

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4641325A (en) * 1985-02-04 1987-02-03 General Electric Company Receiver for phase shift modulated carrier signals
FR2743967B1 (fr) * 1996-01-18 1998-03-27 France Telecom Procede et dispositif de synchronisation temporelle d'un recepteur d'un signal multiporteuse
CN100385897C (zh) * 2001-12-28 2008-04-30 超波株式会社 设备禁用装置
US7379016B1 (en) * 2006-02-16 2008-05-27 Mcewan Technologies, Llc Carrier phase detection system for radar sensors
WO2009145018A1 (fr) * 2008-05-27 2009-12-03 パナソニック電工株式会社 Dispositif de réception
FR2954550A1 (fr) * 2009-12-23 2011-06-24 Commissariat Energie Atomique Procede de protection dans une communication radiofrequence sans contact.
US8599961B2 (en) * 2010-10-14 2013-12-03 KATREIN-Werke KG Crest factor reduction method and circuit for a multi-carrier signal
US8797911B2 (en) * 2012-02-21 2014-08-05 Qualcomm Incorporated Method and apparatus for reducing power consumption in a wireless communication device
CN103870868B (zh) * 2012-12-07 2017-04-05 上海华虹宏力半导体制造有限公司 非接触ic卡的解调电路
CN103353597A (zh) * 2013-07-10 2013-10-16 天津大学 一种用于超高频rfid定位的相位式测距方法
US9930523B2 (en) * 2014-03-11 2018-03-27 Ecole Polytechnique Federale De Lausanne (Epfl) Method and device for proving his identity
US9379746B2 (en) * 2014-06-30 2016-06-28 Texas Instruments Incorporated Isolation circuits for digital communications and methods to provide isolation for digital communications

Also Published As

Publication number Publication date
US20200382953A1 (en) 2020-12-03
EP3496359A4 (fr) 2019-06-12
SG11201900994TA (en) 2019-03-28
WO2018024241A1 (fr) 2018-02-08
US10979899B2 (en) 2021-04-13

Similar Documents

Publication Publication Date Title
US20210184872A1 (en) Authentication apparatus and method
US10979899B2 (en) Data communication method and system
US20190165947A1 (en) Signatures for near field communications
US20080085001A1 (en) Method of mutual authentication between a communication interface and a host processor of an nfc chipset
US10609552B2 (en) System and method for data communication protection
CN108702606B (zh) 一种无线通信的握手方法及设备
CN107690144B (zh) 一种数据通信方法及系统
CN107690133B (zh) 一种数据通信方法及系统
US10511946B2 (en) Dynamic secure messaging
CN107689946B (zh) 一种数据通讯方法及数据通讯系统
JP6698880B2 (ja) 安全通信方法及びシステム
CN107690143B (zh) 一种数据通信方法及系统
EP3496441B1 (fr) Procédé et système de communication de données
Kortvedt Securing near field communication
CN107688760B (zh) 一种数据通讯方法及数据通讯系统
CN107690141B (zh) 一种数据通信方法及系统
CN107690142B (zh) 一种数据通信方法及系统
CN107688749B (zh) 一种安全通信方法和系统
CN112713991A (zh) 一种利用定时通讯保护密钥协商的安全通信方法及系统
CN112688774A (zh) 一种利用定时通讯保护密钥协商的安全通信方法及系统
CN107688761B (zh) 一种数据通讯方法及数据通讯系统
WO2022121938A1 (fr) Procédé et système de communication sécurisée pour protéger une négociation de clé à l'aide d'une communication de synchronisation
US11272358B2 (en) Near field communication forum data exchange format (NDEF) messages
A Mohammed Performance Analysis of Security Measures in Near Field Communication

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20190207

A4 Supplementary search report drawn up and despatched

Effective date: 20190411

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20200124

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

REG Reference to a national code

Ref country code: DE

Ref legal event code: R003

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED

18R Application refused

Effective date: 20211210